RLSA-2025:23336

See a problem?
Please try reporting it to the source first.

Source

https://errata.rockylinux.org/RLSA-2025:23336

Import Source

https://storage.googleapis.com/resf-osv-data/RLSA-2025:23336.json

JSON Data

https://api.test.osv.dev/v1/vulns/RLSA-2025:23336

Upstream

CVE-2025-11083

Published

2025-12-19T09:05:01.645210Z

Modified

2025-12-19T09:29:53.434610Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVSS Calculator

Summary

Moderate: gcc-toolset-13-binutils security update

Details

Binutils is a collection of binary utilities, including ar (for creating, modifying and extracting from archives), as (a family of GNU assemblers), gprof (for displaying call graph profile data), ld (the GNU linker), nm (for listing symbols from object files), objcopy (for copying and translating object files), objdump (for displaying information from object files), ranlib (for generating an index for the contents of an archive), readelf (for displaying detailed information about binary files), size (for listing the section sizes of an object or archive file), strings (for listing printable strings from files), strip (for discarding symbols), and addr2line (for converting addresses to file and line).

Security Fix(es):

binutils: GNU Binutils Linker heap-based overflow (CVE-2025-11083)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

Credits

- Rocky Enterprise Software Foundation
- Red Hat

Affected packages

Rocky Linux:9 / gcc-toolset-13-binutils

Package

Name: gcc-toolset-13-binutils
Purl: pkg:rpm/rocky-linux/gcc-toolset-13-binutils?distro=rocky-linux-9&epoch=0

Affected ranges

Type

ECOSYSTEM

Events

Introduced

Fixed

0:2.40-21.el9_7.1

Database specific

{
    "yum_repository": "AppStream"
}

Database specific

source

"https://storage.googleapis.com/resf-osv-data/RLSA-2025:23336.json"